[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2019-13295/imagemagick

Fri Jul 5 12:28:09 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cebe3d91 by Salvatore Bonaccorso at 2019-07-05T11:23:48Z
Add CVE-2019-13295/imagemagick

- - - - -
fe517422 by Salvatore Bonaccorso at 2019-07-05T11:24:09Z
Add relation note of CVE-2019-13297 with CVE-2019-13295

- - - - -
ac058e26 by Salvatore Bonaccorso at 2019-07-05T11:27:21Z
Add Debian bug reference for CVE-2019-13297/imagemagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,15 +49,17 @@ CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at Ma
 CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
 	TODO: check
 CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (bug #931455)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
 	NOTE: Some older version before the fixing commit did as well not check for
-	NOTE: width size.
+	NOTE: width size (cf. CVE-2019-13295).
 CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemor ...)
 	TODO: check
 CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
 CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
 	NOT-FOR-US: AROX School-ERP Pro
 CVE-2019-13293



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4aa7075e8d8e74b2dc1410b338cc127c3a2772...ac058e26eb94ba3efc4c1ef646a2503e2d827379

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fe4aa7075e8d8e74b2dc1410b338cc127c3a2772...ac058e26eb94ba3efc4c1ef646a2503e2d827379
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190705/8b5b9a01/attachment.html>
